package com.iqiju.guagua.redtone.video.config;

import com.iqiju.guagua.redtone.video.handler.JwtHandler;
import com.iqiju.guagua.redtone.video.handler.LoginExpireHandler;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${spring.profiles.active}")
    private String profile;

    @Value("${http-authorize-url.static-url}")
    private String[] staticUrl;

    @Value("${http-authorize-url.api-url}")
    private String[] apiUrl;

    @Value("${http-authorize-url.form-login-url}")
    private String[] formLoginUrl;

    @Value("${http-authorize-url.token-login-url}")
    private String[] tokenLoginUrl;

    @Value("${http-authorize-url.actuator-url}")
    private String[] actuatorUrl;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable();

        http.formLogin().disable();

        http.headers().frameOptions().disable();

        if ("prod".equals(profile)){
            /* 登录过期/未登录 处理 */
            http.exceptionHandling().authenticationEntryPoint(new LoginExpireHandler());

            http.authorizeRequests()
                    .antMatchers(staticUrl).permitAll()
                    .antMatchers(apiUrl).denyAll()
                    .antMatchers(tokenLoginUrl).permitAll()
                    .antMatchers(formLoginUrl).denyAll()
                    .antMatchers(actuatorUrl).permitAll()
                    .anyRequest().authenticated();

            /* 配置token验证过滤器 */
            http.addFilterBefore(new JwtHandler(), UsernamePasswordAuthenticationFilter.class);
        }else if ("test".equals(profile)){
            /* 登录过期/未登录 处理 */
            http.exceptionHandling().authenticationEntryPoint(new LoginExpireHandler());

            http.authorizeRequests()
                    .antMatchers(staticUrl).permitAll()
                    .antMatchers(apiUrl).permitAll()
                    .antMatchers(tokenLoginUrl).permitAll()
                    .antMatchers(formLoginUrl).denyAll()
                    .antMatchers(actuatorUrl).permitAll()
                    .anyRequest().authenticated();

            /* 配置token验证过滤器 */
            http.addFilterBefore(new JwtHandler(), UsernamePasswordAuthenticationFilter.class);
        }else{
            http.authorizeRequests().anyRequest().permitAll();
        }

        /* rest 无状态 无session */
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    }
}
